Registration of existing email should maybe always require a confirmation #27

Open
Kauhsa opened this issue Jan 23, 2015 · 2 comments
Kauhsa commented Jan 23, 2015

Currently, the server doesn't seem to ask for confirmation if the "device ID" matches (see the Utils.getDeviceId() method in the Android client), but this is probably insecure since the device ID is not guaranteed to be unique.

Need to figure out a better solution.

@Kauhsa changed the title from "Registration of existing email should maybe always be confirmed" to "Registration of existing email should maybe always require a confirmation" on Feb 24, 2015
@ffagerho added this to the Version 409 milestone on Sep 14, 2015
@ffagerho (Contributor)

Related to #65.

@anzhieta

Fixing this right now would cause the server to require confirmation every time you sign in, since signing out clears your existing authentication token. A proper fix would be to use passwords to authenticate sign-ins, but that requires major changes in both the app and the server.

@ffagerho removed this from the Version 0.1.2 milestone on Sep 25, 2015